swiftclient logs sensitive info in http requests

Bug #1516692 reported by Anna Sortland
This bug affects 3 people
Affects: python-swiftclient
Status: Fix Released
Importance: Critical
Assigned to: Joel Wright

Bug Description

swiftclient logs sensitive info in headers when logging http requests in debug mode.

swiftclient/client.py:http_log()

swiftclient should hash sensitive info in headers such as 'X-Auth-Token' and 'X-Subject-Token'.
For examples, see keystoneclient (https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/openstack/common/apiclient/client.py#L105), glanceclient, or ceilometerclient.

Bing Hu (hubingsh)
Changed in swift:
assignee: nobody → Bing Hu (hubingsh)
status: New → In Progress
Revision history for this message
Mingyu Li (mingyu-li-cn) wrote :

For swift, different from other projects in OpenStack, there would be another sensitive header "X-Storage-Token", if you use the V1 Auth API.

no longer affects: swift
Changed in python-swiftclient:
assignee: nobody → Bing Hu (hubingsh)
status: New → In Progress
Revision history for this message
John Dickinson (notmyname) wrote :
Revision history for this message
clayg (clay-gerrard) wrote :

I like https://review.openstack.org/#/c/194884/2 a little more, because I think we should consider the different use case/requirements for command line access (nice for --debug to output working curl commands, swift auth outputs token to terminal) vs programmatic access (which should default to scrubbing some defined "black_list_headers" list *regardless* of loglevel - but that the *shell module* could still patch at *runtime* so as to still allow output of working curl commands to the terminal)

Changed in python-swiftclient:
importance: Undecided → Critical
Bing Hu (hubingsh)
Changed in python-swiftclient:
assignee: Bing Hu (hubingsh) → nobody
Revision history for this message
John Dickinson (notmyname) wrote :
Changed in python-swiftclient:
assignee: nobody → Joel Wright (joel-wright-k)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-swiftclient (master)

Reviewed: https://review.openstack.org/282363
Committed: https://git.openstack.org/cgit/openstack/python-swiftclient/commit/?id=4d44dcf36086add13d3353915c014f095ab99c6d
Submitter: Jenkins
Branch: master

commit 4d44dcf36086add13d3353915c014f095ab99c6d
Author: Joel Wright <email address hidden>
Date: Fri Feb 19 13:18:15 2016 +0000

    Do not reveal auth token in swiftclient log messages by default

    Currently the swiftclient logs sensitive info in headers when logging
    HTTP requests. This patch hides sensitive info in headers such as
    'X-Auth-Token' in a similar way to swift itself (we add a
    'reveal_sensitive_prefix' configuration to the client).

    With this patch, tokens are truncated by removing the specified number
    of characters, after which '...' is appended to the logged token to
    indicate that it has been redacted.

    Co-Authored-By: Li Cheng <email address hidden>
    Co-Authored-By: Zack M. Davis <email address hidden>
    Change-Id: I43dd7254f7281d4db59b286aa2145643c64e1705
    Closes-bug: #1516692
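The pattern the bug description, clayg's comment and the commit message above converge on can be shown in a few dozen lines. The following is an added example written for this page, not python-swiftclient's own code: it scrubs a blacklist of credential-bearing headers before anything is handed to the logger (so the redaction does not depend on the log level), keeps a configurable number of leading characters and appends '...' as the fix describes, and exposes an explicit opt-out (reveal_prefix=None) that a CLI could set at runtime to print working curl commands. The header list, the default prefix length of 16, the function names and the sample token are all assumptions made for the example.

```python
"""Redact token-bearing headers before they reach a debug log.

Added example, not python-swiftclient's code.  It mirrors the approach the
fix describes (truncate to a configurable prefix, append '...') and the
suggestion that programmatic callers scrub regardless of log level while a
shell front end may opt out to print a working curl command.
"""
import logging
import shlex
from typing import Dict, FrozenSet, Mapping, Optional

# Header names (lower-cased) whose values are tokens or keys.  Constructed for
# this example; the project maintains its own list.
SENSITIVE_HEADERS: FrozenSet[str] = frozenset({
    "x-auth-token",     # token returned by Keystone or the v1 auth endpoint
    "x-subject-token",  # Keystone v3 token validation
    "x-storage-token",  # v1 auth API, as noted in the comments above
    "x-auth-key",       # v1 auth password
})

# Assumed default for how many leading characters of a secret are kept.  The
# fix calls its equivalent setting 'reveal_sensitive_prefix'.
DEFAULT_REVEAL_PREFIX = 16
REDACTED = "..."


def scrub_value(value: str, reveal_prefix: Optional[int]) -> str:
    """Return the loggable form of a secret header value.

    None means reveal everything (the CLI opt-out).  0 logs only '...'.
    A value no longer than the prefix is fully redacted rather than printed
    in full, so a short token cannot leak through the prefix rule.
    """
    if reveal_prefix is None:
        return value
    if reveal_prefix <= 0 or len(value) <= reveal_prefix:
        return REDACTED
    return value[:reveal_prefix] + REDACTED


def scrub_headers(headers: Mapping[str, str],
                  reveal_prefix: Optional[int] = DEFAULT_REVEAL_PREFIX,
                  sensitive: FrozenSet[str] = SENSITIVE_HEADERS) -> Dict[str, str]:
    """Copy the headers with sensitive values truncated.

    Matching is case-insensitive because HTTP header names are, and callers
    write them inconsistently ('X-Auth-Token' vs 'x-auth-token').
    """
    return {
        name: (scrub_value(str(value), reveal_prefix)
               if name.lower() in sensitive else str(value))
        for name, value in headers.items()
    }


def curl_command(method: str, url: str, headers: Mapping[str, str],
                 reveal_prefix: Optional[int] = DEFAULT_REVEAL_PREFIX) -> str:
    """Build the 'working curl command' line a --debug log would show.

    Each header is shell-quoted so a value containing spaces or quotes cannot
    break the command or smuggle extra arguments into a pasted line.
    """
    parts = ["curl", "-i", "-X", method]
    for name, value in scrub_headers(headers, reveal_prefix).items():
        parts += ["-H", shlex.quote(f"{name}: {value}")]
    parts.append(shlex.quote(url))
    return " ".join(parts)


def http_log(logger: logging.Logger, method: str, url: str,
             headers: Mapping[str, str],
             reveal_prefix: Optional[int] = DEFAULT_REVEAL_PREFIX) -> str:
    """Log the request at DEBUG and return the logged line.

    Scrubbing happens before the logger is called, so the unredacted token
    never reaches a handler whatever level the application configured.
    """
    line = "REQ: " + curl_command(method, url, headers, reveal_prefix)
    logger.debug(line)
    return line


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG, format="%(message)s")
    log = logging.getLogger("swiftclient.example")
    # Constructed sample request; the token is fake.
    sample_headers = {
        "X-Auth-Token": "AUTH_tk0123456789abcdef0123456789abcdef",
        "Content-Type": "application/json",
    }
    url = "https://swift.example.test/v1/AUTH_demo/container"
    http_log(log, "GET", url, sample_headers)                      # default: prefix + '...'
    http_log(log, "GET", url, sample_headers, reveal_prefix=None)  # CLI opt-out: full token
```

The opt-out is deliberately a separate parameter rather than a log level: a library caller that turns on DEBUG to diagnose a connection problem should still get a redacted token, and only a front end that has decided to print credentials to the user's own terminal flips reveal_prefix to None.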

Changed in python-swiftclient:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-swiftclient (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/284645

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on python-swiftclient (master)

Change abandoned by Bing Hu (<email address hidden>) on branch: master
Review: https://review.openstack.org/259273
Reason: this bug has been fixed in https://review.openstack.org/#/c/282363

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-swiftclient (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/289890

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on python-swiftclient (stable/liberty)

Change abandoned by Alistair Coles (<email address hidden>) on branch: stable/liberty
Review: https://review.openstack.org/284645
Reason: Moved to https://review.openstack.org/#/c/289890/ to create a unique change ID

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-swiftclient (stable/liberty)

Reviewed: https://review.openstack.org/289890
Committed: https://git.openstack.org/cgit/openstack/python-swiftclient/commit/?id=d95d14ac10996e1efb50d1c34e29f3d692cde150
Submitter: Jenkins
Branch: stable/liberty

commit d95d14ac10996e1efb50d1c34e29f3d692cde150
Author: Joel Wright <email address hidden>
Date: Fri Feb 19 13:18:15 2016 +0000

    Do not reveal auth token in swiftclient log messages by default

    Currently the swiftclient logs sensitive info in headers when logging
    HTTP requests. This patch hides sensitive info in headers such as
    'X-Auth-Token' in a similar way to swift itself (we add a
    'reveal_sensitive_prefix' configuration to the client).

    With this patch, tokens are truncated by removing the specified number
    of characters, after which '...' is appended to the logged token to
    indicate that it has been redacted.

    Also include client.parse_header_string() for safe unicode handling
    of header data.

    Backport based on commits:

      c3f06417049e17a8d45ee5926c5043cb6c8aa9ef
      4d44dcf36086add13d3353915c014f095ab99c6d
      ce569f46517e10f2ce0d27e9ee0a922ad1d84e2f
      46d817828082105a69d4da53fef2f2fbefc54809
      aa0edd00966237163451fc44cda2c593a5215cbe

    Co-Authored-By: Tim Burke <email address hidden>
    Co-Authored-By: Alistair Coles <email address hidden>
    Co-Authored-By: Li Cheng <email address hidden>
    Co-Authored-By: Zack M. Davis <email address hidden>

    Change-Id: I71fc5aad23bc076b06f75888c3ea507feffc7b48
    Closes-bug: #1516692

tags: added: in-stable-liberty
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/python-swiftclient 3.0.0

This issue was fixed in the openstack/python-swiftclient 3.0.0 release.
